The California Highway Patrol (CHP) recommends representatives of state agencies reporting computer crimes follow their established internal departmental notification protocols and to include involving the agencies’ Information Security Officer and/or their designee.

The California Compliance and Security Incident Reporting System (Cal-CSIRS) database has been developed by the California Office of Information Security (OIS) to facilitate the rapid reporting and notification of computer-related crimes and information security incidents by state agencies. The Cal-CSIRS database will provide notifications to OIS and CHP Computer Crimes Investigation Unit (CCIU).

To report and submit incidents:

1)      State entity personnel who have experienced or identified an information security incident:

o   Please contact the Information Security Officer (ISO) for your organization.
o   If you are not sure who the ISO is for your organization, you may find a current ISO Leader List here

2)      State entity ISOs who have an information security incident to report:

o   Please navigate to the OIS Cal-CSIRS database at CalCSIRS 
o   If you do not have a Cal-CSIRS account, please, contact the OIS directly at (916) 445-5239 or by email at security@state.ca.gov .

o   If the incident requires immediate law enforcement assistance, please contact the CHP ENTAC at (916) 843-4199, which is staffed 24/7 and will forward the information to CCIU.

o   Note:  If a state entity has requested immediate law enforcement assistance, it is their responsibility to notify the OIS by initiating a Cal-CSIRS report by the next business day.  Contacting ENTAC, CCIU, OIS, or any other state entity, directly by phone or email does not initiate or fulfil the Cal-CSIR reporting requirement.

Legal Requirements

Computer Crimes That Require Notification To The CHP

The CHP has primary investigative authority for violations of California Penal Code Section 502, subsection (c), where a state agency is the victim. Computer crimes occur when a person does any of the following:

1. Knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order to either (A) devise or execute any scheme or artifice to defraud, deceive, or extort, or (B) wrongfully control or obtain money, property, or data.
   

2. Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network.
   

3. Knowingly and without permission uses or causes to be used computer services.
   

4. Knowingly accesses and without permission adds, alters, damages, deletes, or destroys any data, computer software, or computer programs which reside or exist internal or external to a computer, computer system, or computer network.
   

5. Knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network.
   

6. Knowingly and without permission provides or assists in providing a means of accessing a computer, computer system, or computer network in violation of this section.
   

7. Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network.
   

8. Knowingly introduces any computer contaminant into any computer, computer system, or computer network.
   

9. Knowingly and without permission uses the Internet domain name of another individual, corporation, or entity in connection with the sending of one or more electronic mail messages, and thereby damages or causes damage to a computer, computer system, or computer network.

10. Knowingly and without permission disrupts or causes the disruption of government computer services or denies or causes the denial of government computer services to an authorized user of a government computer, computer system, or computer network.

11. Knowingly accesses and without permission adds, alters, damages, deletes, or destroys any data, computer software, or computer programs which reside or exist internal or external to  a public safety infrastructure computer system computer, computer system, or computer network.

12. Knowingly and without permission disrupts or causes the disruption of public safety infrastructure computer system computer services or denies or causes the denial of computer services to an authorized user of a public safety infrastructure computer system computer, computer system, or computer network.

13. Knowingly and without permission provides or assists in providing a means of accessing a computer, computer system, or public safety infrastructure computer system computer, computer system, or computer network in violation of this section.

14. Knowingly introduces any computer contaminant into any public safety infrastructure computer system computer, computer system, or computer network.

Reporting

The Cal-CSIRS database has been developed by the CISO to facilitate the rapid reporting and notification of computer-related crimes and IT security incidents by state agencies. The Cal-CSIRS database will provide notifications to CHP ENTAC and the CCIU. The Cal-CSIRS database is designed to acquire the necessary information to determine the extent of investigative follow-up. Depending on the nature of the computer crime reported, a CHP CCIU Investigator may contact and/or respond to the reporting agency for additional information.